11531 matches found

Vulnrichment
added 2025/10/10 7:28 p.m., 5 views

CVE-2025-61921 Sinatra has ReDoS vulnerability in ETag header value generation

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response. Carefully crafted...

6.9 CVSS | 6.3 AI score | 0.00521 EPSS
Exploits 1 | References 5

Veracode
added 2025/10/10 8:7 a.m., 3 views

Improper Authorization

org.springframework, spring-core is vulnerable to improper authorization. The vulnerability is due to incorrect annotation resolution on methods within type hierarchies that use unbounded generics, which allows an attacker to bypass security checks when Spring Security’s @EnableMethodSecurity...

7.5 CVSS | 7 AI score | 0.00112 EPSS
Exploits 0 | References 6 | Affected Software 1

Fedora
added 2025/10/10 1:4 a.m., 4 views

[SECURITY] Fedora 41 Update: ibus-bamboo-0.8.4~RC6-2.fc41

A Vietnamese IME for IBus using Bamboo Engine. The open source Vietnamese keyboard supports most common encodings, popular Vietnamese typing methods, smart diacritics, spell checking, shortcuts,...

6.5 CVSS | 7 AI score | 0.00044 EPSS
Exploits 1

Fedora
added 2025/10/10 12:51 a.m., 5 views

[SECURITY] Fedora 42 Update: ibus-bamboo-0.8.4~RC6-2.fc42

A Vietnamese IME for IBus using Bamboo Engine. The open source Vietnamese keyboard supports most common encodings, popular Vietnamese typing methods, smart diacritics, spell checking, shortcuts,...

6.5 CVSS | 7 AI score | 0.00044 EPSS
Exploits 1

Positive Technologies
added 2025/10/10 12:0 a.m., 3 views

PT-2025-41597

Name of the Vulnerable Software and Affected Versions: Sinatra versions prior to 4.2.0. Description: Sinatra, a domain-specific language for creating web applications in Ruby, contains an issue where carefully crafted input can cause excessive processing time during the parsing of If-Match and...

6.9 CVSS | 6.6 AI score | 0.00521 EPSS
Exploits 1 | References 17

NVD
added 2025/10/09 4:15 p.m., 8 views

CVE-2025-59976

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file...

7.1 CVSS | 0.00047 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/10/09 3:59 p.m., 2 views

CVE-2025-59976 Junos Space: Arbitrary file download vulnerability in web interface

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file...

7.1 CVSS | 6.3 AI score | 0.00047 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/10/09 12:0 a.m., 3 views

PT-2025-41410

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos Space versions prior to 24.1R3. Description: A flaw exists in the web interface of Junos Space that could allow a network-based attacker with valid credentials to download arbitrary files from the file system. An attacker...

7.1 CVSS | 6.3 AI score | 0.00047 EPSS
Exploits 0 | References 4

SUSE CVE
added 2025/10/08 11:39 p.m., 1 views

SUSE CVE-2022-50521

In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() The ACPI buffer memory out.pointer returned by wmi_evaluate_method() is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so...

5.5 CVSS | 6.7 AI score | 0.00017 EPSS
Exploits 0 | References 7

Positive Technologies
added 2025/10/08 12:0 a.m., 3 views

PT-2025-41260

Name of the Vulnerable Software and Affected Versions: vaahcms version 2.3.1. Description: A cross-site scripting issue exists in vaahcms version 2.3.1. A remote attacker can potentially execute arbitrary code through the upload method within the storeAvatar function of the UserBase.php file...

6.1 CVSS | 6.8 AI score | 0.00091 EPSS
Exploits 2 | References 6

CVE
added 2025/10/08 12:0 a.m., 7 views

CVE-2025-61183

VaahCMS 2.3.1 is affected by a Stored XSS via the Avatar Upload endpoint in storeAvatar() of UserBase.php. The vulnerability stems from saving the uploaded file to a public path before content/MIME-type validation, allowing an attacker to place a crafted SVG that can execute script when rendered....

6.1 CVSS | 6.9 AI score | 0.00091 EPSS
Exploits 2 | References 2 | Affected Software 1

NVD
added 2025/10/07 4:15 p.m., 2 views

CVE-2022-50521

In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() The ACPI buffer memory out.pointer returned by wmi_evaluate_method() is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so...

5.5 CVSS | 0.00017 EPSS
Exploits 0 | References 8

OSV
added 2025/10/07 4:15 p.m., 0 views

UBUNTU-CVE-2022-50521

In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() The ACPI buffer memory out.pointer returned by wmi_evaluate_method() is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so...

5.5 CVSS | 6 AI score | 0.00017 EPSS
Exploits 0 | References 11

OSV
added 2025/10/07 3:19 p.m., 2 views

CVE-2022-50521 platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()

In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() The ACPI buffer memory out.pointer returned by wmi_evaluate_method() is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so...

5.5 CVSS | 6.7 AI score | 0.00017 EPSS
Exploits 0 | References 11

Cvelist
added 2025/10/07 3:19 p.m., 5 views

CVE-2022-50521 platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()

In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() The ACPI buffer memory out.pointer returned by wmi_evaluate_method() is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so...

0.00017 EPSS
Exploits 0 | References 8

EUVD
added 2025/10/07 3:19 p.m., 2 views

EUVD-2025-32840

In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() The ACPI buffer memory out.pointer returned by wmi_evaluate_method() is not freed after the call, so it leads to memory leak. The method results in ACPI buffer is not used, so...

6.1 AI score | 0.00017 EPSS
Exploits 0 | References 9

CVE
added 2025/10/07 3:19 p.m., 11 views

CVE-2022-50521

The CVE-2022-50521 issue affects the Linux kernel (platform/x86 mxm-wmi) with a memleak in mxm_wmi_call_mx[ds|mx]. The ACPI buffer (out.pointer) returned by wmi_evaluate_method() was not freed after the call, causing a memory leak. The patch fixes this by passing NULL to wmi_evaluate_method(), pr...

5.5 CVSS | 6.3 AI score | 0.00017 EPSS
Exploits 0 | References 8 | Affected Software 1

Vulnrichment
added 2025/10/07 8:23 a.m., 1 views

CVE-2025-10645 WP Reset <= 2.05 - Unauthenticated Sensitive Information Exposure via wf-licensing.log

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled (the default). This makes it possible for unauthenticated attackers to extract sensitive license key and site data...

5.3 CVSS | 5.5 AI score | 0.00048 EPSS
Exploits 0 | References 3

IBM Security Bulletins
added 2025/10/07 7:8 a.m., 7 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-core-6.2.3.jar (CVE-2025-41249)

Summary IBM Sterling Connect:Direct Web Services is vulnerable to Annotation detection mechanism may not correctly resolve annotations on methods in spring-core-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The...

7.5 CVSS | 6.4 AI score | 0.00112 EPSS
Exploits 0 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-2015

Malware in sbrugna...

7 CVSS | 6.8 AI score | 0.002 EPSS
Exploits 1 | References 7